Want to be a hero? 

Bugcrowd is proud to partner with the Cybersecurity and Infrastructure Security Agency (CISA). Through this partnership, we’re able to provide our community of researchers the opportunity to report vulnerabilities found in a number of Federal Civilian Executive Branch (FCEB) agencies. Use your unique skills to hack everything from The Department of Homeland Security to the Court Services and Offender Supervision Agency. Head over to our Press Release to read about how Bugcrowd is partnering with CISA.

On behalf of CISA and Bugcrowd, we want to acknowledge all of the amazing work you have done — and will continue to do! — on these programs. (Challenge Coins are no longer being offered) We’re pleased to announce that participation on the CISA programs qualifies you for Challenge Coins made especially for this opportunity.

Challenge Coin Details

(Challenge Coins are no longer being offered)

There will be 3 Challenge Coins offered for:

10 Qualifying Submissions
30 Qualifying Submissions
75 Qualifying Submissions


To qualify, submissions must:

(Challenge Coins are no longer being offered)

  • be submitted by December 1st, 12:00AM (07:00 UTC)
  • be an Accepted report (Unresolved, Resolved, or Informational)
  • have a priority of P1, P2, P3, or P4


(Challenge Coins are no longer being offered) Researchers who qualify will be contacted by the second week of December and Challenge Coins will start shipping by the end of the month.

Please note: Participation on these programs and qualifying for these Challenge Coins is contingent on maintaining good standing with our Platform Behavior Standards. Researchers who are found in violation in an attempt to game the system are not eligible for being awarded Challenge Coins.

Check out the full list of programs HERE! 

Help us hack the homeland!